We value the trust you place in us, and work diligently to maintain that trust. As part of that commitment, we are deprecating older security protocols that do not meet current industry standards for connecting to our REST API.
Notice: Twilio projects can only use the following cipher suites to connect to our API:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
AES128-GCM-SHA256
AES128-SHA256
AES256-GCM-SHA384
Summary
Starting March 2023, our REST API will only support the cipher suites listed above. Support for any other cipher suite will be removed at that time. Customers running older operating systems or legacy network software may need to upgrade their systems to be compatible with these changes.
Impact
If your Twilio Project is connecting to our REST API using one of the protocols or cipher suites that will be deprecated in March 2023, an action is required on your part to ensure your Twilio service is not interrupted.
Take Action
Using the steps below, we strongly recommend you immediately test your system to determine if it is compatible with the new security requirements. If the test fails, you’ll need to plan for upgrading your system and verifying compatibility between now and March 2023.
1. TEST
First, check your current system’s compatibility with our test endpoint. Even if you already use the latest Twilio helper library, you still need to test!
Action: Follow our test procedures and use our code snippets to test your system’s compatibility: Monitoring Updates to the Twilio REST API Security Settings.
2. UPGRADE
If you are unable to successfully connect to our test endpoint, you may need to upgrade your operating system’s security components. Twilio’s helper libraries do not need to be upgraded, but you may need to make configuration changes in your application to update the underlying software dependencies used by the Twilio libraries.
Action: Follow our tips for identifying connection errors and upgrading your environment for compatibility: Tips for Upgrading Your Environment to Support Twilio REST API’s Strong Cipher Suite Changes
3. VERIFY
Once you’ve made the necessary changes, verify your upgraded system can connect successfully to the same test endpoint on port 8443 from your production environment. Our normal REST API endpoint already supports the strong cipher suites, so you can immediately cut over your production traffic once the changes are verified in your environment.
Action: Verify your upgraded system’s compatibility using our recommended test procedures and code snippets: Monitoring Updates to the Twilio REST API Security Settings.
Additional Resources
- Monitoring Updates to the Twilio REST API Security Settings
- Tips for Upgrading Your Environment to Support Twilio REST API’s Strong Cipher Suite Changes
- Frequently Asked Questions: Twilio REST API’s Cipher Suite Security Changes for March 2023
If you need assistance beyond these resources, please contact our Support Team.